Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

Scan ScanSafe's annual report for heuristic experience

Report gives state of global information security threats
Security Strategies Alert By M. E. Kabay , Network World , 04/24/2008
Sign up for this newsletter now!

Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.

  • Share/Email
  • Tweet This
  • Comment
  • Print

ScanSafe offers what it calls “Web Security-as-a-Service” by providing a managed service (meaning there’s nothing for customers to install or maintain on-premise) that routes its clients’ Web traffic through secure proxies to scan content in real-time, protecting them from malware as well as providing a way for them to enforce acceptable Web usage policies.

Recently, ScanSafe released its 25-page “Annual Global Threat Report: Trends for January 2007-December 2007,” which is available with a non-intrusive registration from its Web site. The report was written by Senior Security Researcher Mary Landesman, who is a frequent contributor to the about.com series of articles on fighting viruses.

Here are some of the highlights of the report:

* The company’s services include sophisticated heuristic scanners as part of the “Outbreak Intelligence threat detection technology.”
* It scanned “more than 80 billion Web requests and blocked more than 800 million Web threats in 2007 on behalf of corporate customers in over 50 countries.”
* Sites hosting malicious code increased their uptime (Time to Live or TTL) over the course of 2007, with TTL around 18 days in the first half of the year but around 29 days in the second half of the year.
* About 21% of the threats detected by the company’s systems were zero-day exploits (that is, new attacks without signatures that could be used by signature-based scanners).
* Ten malware families accounted for 97% of all the observed events.
* The most frequent type of attack in the blocked events was password-stealing malware (about 37% of total attacks).
* Executables and scripts (including PHP, EXE, JS, and DLL and other code-containing files) constituted about 71% of the threats that were blocked.
* Bogus “malware scanners” post flash popups that claim to scan user computers to “discover” extensive infection – and magically remove the non-existent infections for a modest fee.
* Macro viruses and e-mail worms now constitute “less than 0.1% of all blocks.”

The last section, “2008 Security threat predictions,” has interesting suggestions that are discussed in detail. Quoting exactly from the section’s introduction:

* Cyber criminals follow the money: Web 2.0 will continue to fuel high profile attacks
* Remote and roaming security becomes a mounting pain point for businesses
* Continued pressure to end public disclosure of “Whois” Information
* Growing underground market for warehousing and selling of stolen database information
* Storm worm hangover continues well into 2008.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed